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^ jnternM.security.Mta 

Marco de Vivo, Gabriela O. de Vivo, Germinal Isern 

April 1998 ACM SIGOPS Operating Systems Review, Volume 32 issue 2 

Full text available: ' ^pdrM.2S MB) Additional Infornnation: full citation , abslract , references, citings 

The Internet put the rest of the world at the reach of our connputers. In the sanne way it 
also made our computers reachable by the rest of the world. Good news and bad news!. 
Over the last decade, the Internet has been subject to widespread security attacks. Besides 
the classical terms, new ones had to be found in order to designate a large collection of 
threats: Worms, break-ins, hackers, crackers, hijacking, phrackers, spoofing, man-in-the- 
middle, password-sniffing, denial-of-service, an ... 

Keywords: Client-Server, Covert Channel, DNS, Denial of Service, Ethernet, Hijacking, 
ICMP, Kerberos, One-Time Password, Ping, RIP, Sniffing, Spoofing, TCP/IP 



2 DOSj?rMection:,H H 
Cheng Jin, Haining Wang, Kang G. Shin 

October 2003 Proceedings of the 10th ACI^ conference on Computer and 
communication security 

Full text available: >xif(213.86 KB) Additional Information: full citation , abstract, references, index terms 

IP spoofing has been exploited by Distributed Denial of Service (DDoS) attacks to (1) 
conceal flooding sources and localities in flooding traffic, and (2) coax legitimate hosts Into 
becoming reflectors, redirecting and amplifying flooding traffic. Thus, the ability to filter 
spoofed IP packets near victims is essential to their own protection as well as to their 
avoidance of becoming involuntary DoS reflectors. Although an attacker can forge any field 
in the IP header, he or she cannot falsify t ... 

Keywords: DDoS defense, TTL, host-based, networking, security 



3 Papers: Snternet vulnerabilities related to TCP/IP and mCP B 
Marco de Vivo, Gabriela O. de Vivo, Roberto Koeneke, Germinal Isern 
January 1999 ACM SIGCOMM Computer Communication Review, volume 29 issue i 

Full text available: ■^pdfC56J„.15.KBj Additional Information: MLcitatJon, abstract, reference^. 

The Internet put the rest of the world at the reach of our computers. In the same way it 
also made our computers reachable by the rest of the world. Good news and bad news! 
Over the last decade, the Internet has been subject to widespread security attacks. Besides 
the classical terms, new ones had to be found in order to designate a large collection of 



h 



c g e cf c 



Results (page 1): type AND connection AND spoof Page 2 of 5 

threats: Worms, break-ins, hackers, crackers, hijacking, phrackers, spoofing, man-in-the- 
middle, password-sniffing, denial-of-service, and ... 

Keywords: Denial of Service, SYN Attack, Sniffing, Spoofing, T/TCP, TCP/IP 

^ A recjuires/provid.^^^^ H 
Steven J. Templeton, Karl Levitt 

February 2001 Proceedings of the 2000 workshop on New security paradigms 

Full text available: "g ^ pdf(704.15 KB) Additional Information: full citaUon . references , citings , index terms 



5 Managing routing tables for URL routers in content distribution networks 
Zornitza Genova Prodanoff, Kenneth J. Christensen 

IVlay 2004 International Journal of Network Management, volume i4 issue 3 

Full text available: pdJi?o7,„00„KBi Additional Infornnation: fujj.citatipn, abstract, referenGes, jndex terms 

Large-scale content distribution networks (CDNs) can be built using URL routers to redirect 
client HTTP requests to the nearest content source. URL routers employ very large routing 
tables. To innprove the manageability of CDNs, we propose to use URL signatures to reduce 
the size of routing tables and aggressive hashing to speed-up routing look-ups. 

6 Encryption-based protection for interactive user/computer communication 
Stephen Thomas Kent 

September 1977 Proceedings of the fifth symposium on Data communications 

Additional Information: Ml-Citatjon, .abstract, references, dt!ng.s, index 



Full text available: Wi pdf(846.33 KB) 

^ ■ Terms 

This paper develops a virtual connection model, complete with intruder, for interactive 
terminal-host communication and presents a set of protection goals that characterize the 
security that can be provided for a physically unsecured connection. Fundamental 
requirements for protocols that achieve these goals and the role of encryption in the design 
of such protocols are examined. Functional and security constraints on positioning of 
protection protocols in a communication system and the imp ... 

Fu|ipaper&:.A.taxgnomy 
Jelena Mirkovic, Peter Reiher 

April 2004 ACM SIGCOMM Computer Communication Review, voiunne 34 issue 2 
Full text available: C'dtf 209. 38 KB) Additional Information: M\ citation , abstract , references 

Distributed denial-of-service (DDoS) is a rapidly growing problem. The multitude and 
variety of both the attacks and the defense approaches is overwhelming. This paper 
presents two taxonomies for classifying attacks and defenses, and thus provides 
researchers with a better understanding of the problem and the current solution space. The 
attack classification criteria was selected to highlight commonalities and important features 
of attack strategies, that define challenges and dictate the design ... 

^ FonT)a!izingJhe.MetxM^ 
Pieter H. Hartel, Luc Moreau 

December 2001 ACM Computing Surveys (CSUR), volume 33 issue 4 

.r ^ •. «(i ^.//i^o r.- L/Dv Additional Information: full citation . abstrg;ct, references, citings, index 
Full text available: ■r?9 pdf{442.86 KB i . 

terms 

We review the existing literature on Java safety, emphasizing formal approaches, and the 
impact of Java safety on small footprint devices such as smartcards. The conclusion is that 
although a lot of good work has been done, a more concerted effort is needed to build a 
coherent set of machine-readable formal models of the whole of Java and its 
implementation. This is a formidable task but we believe it is essential to build trust in Java 
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safety, and thence to achieve ITSEC level 6 or Common Crite ... 
Keywords: Common criteria, programming 

9 AprMicaj.method„to.OT B 
Udaya Kiran Tupakuia, Vijay Varadharajan 

February 2003 Proceedings of the twenty-sixth Australasian computer science 

conference on Conference in research and practice in information 

technology - Volume 16 

^ M. ^ u. «i ^^>ro-7^L'Dx Additional Inforrnation: fuil.c^ation, 
Full text available: pdf(5871 KB) 

^ Terms 

Today distributed denial of service (DDoS) attacks are causing major problems to conduct 
online business over the Internet. Recently several schemes have been proposed on how to 
prevent some of these attacks, but they suffer from a range of problems, some of them 
being impractical and others not being effective against these attacks. In this paper, we 
propose a Controller-Agent model that would greatly minimize DDoS attacks on Internet. 
With a new packet marking technique and agent design our sc ... 

Keywords: DoS, broad attack signatures, controller-agent model, denial of service, packet 
marking 

10 On the effectiveness of route-based packet filtering for distributed DoS attack ^ 
prevention in power-law internets 

Klhong Park, Heejo Lee 

August 2001 ACM SIGCOMM Computer Communication Review , Proceedings of the 
2001 conference on Applications, technologies, architectures, and 
protocols for computer communications, volume 3i issue 4 

Full text available: ' Podf(3i:i26 KB) Additional Information: full citation , references , atings, index terms 



ICP-Peach:.a„ne^^^ I 
Ian F. Akyildiz, Giacomo Morabito, Sergio Palazzo 

June 2001 IEEE/ACM Transactions on Networking (TON), volume 9 issue 3 

. . ^ ...o.^ Additional Infornnation: fuW citation , abstract , references , citings, index 

Full text available: '^Mfl31§-lv>. KBl .^^^^ 

Current TCP protocols have lower throughput performance in satellite networks mainly due 
to the effects of long propagation delays and high link error rates. In this paper, a new 
congestion control scheme called TCP-Peach is introduced for satellite networks. TCP-Peach 
is composed of two new algorithms, namely Sudden Start and Rapid Recovery, as well as 
the two traditional TCP algorithms. Congestion Avoidance and Fast Retransmit. The new 
algorithms are based on the novel concept of using d ... 

Keywords: TCP protocols, congestion control, high bit error rates, long propagation delays, 
satellite networks 



12 Disarming offense to facilitate defense 
Danilo Bruschi, Emilia Rosti 

February 2001 Proceedings of the 2000 workshop on New security paradigms 

Full text available: "^pdf(6PM3„KB) Additional Information: MicMion, references, citlnas, index terms 



Keywords: attack, computer and network security, defense, disarm, monitor, offense 



h 



c g e of c 



Results (page 1): type AND connection AND spoof 



Pag 



^3 An architecture for secure wide-area service discovery 

Todd D. Modes, Steven E, Czerwinski, Ben Y. Zhao, Anthony D. Joseph, Randy H. Katz 
March 2002 Wireless Networks, volume 8 issue 2/3 

Full text available: ■^pdf(M5.M„KB) Additional Information: fuLcltatjon, abstract, references, jMex.terms 

The widespread deployment of inexpensive communications technology, computational 
resources in the networking infrastructure, and network-enabled end devices poses an 
interesting problem for end users: how to locate a particular network service or device out 
of hundreds of thousands of accessible services and devices. This paper presents the 
architecture and implementation of a secure wide-area Service Discovery Service (SDS). 
Service providers use the SDS to advertise descriptions of available ... 

Keywords: location services, name lookup, network protocols, service discovery 



^ j n t e r nM„secu rity .M§n 
Stephen Kent 

June 1994 StandardView, volume 2 issue 2 

Full text available: 'g^ pdf(1.14 hIB) Additional Information: fuil citation , felerencos . citings, index terms 



''5 Using router stamping to identify the source of iP packets 
Thomas W. Doeppner, Philip N. Klein, Andrew Koyfman 

November 2000 Proceedings of the 7th ACM conference on Computer and 
communications security 

Full text available: "^.P-dfCgMjIl KB) Additional Information: fuLclMpn, references, citings, Indexlerms 



''^ loRplogyidlscovea^^ 

Yuri Breitbart, Minos Garofalakis, Ben Jai, Cliff Martin, Rajeev Rastogi, Avi Silberschatz 
June 2004 lEEE/ACi^ Transactions on Networking (TON), Volume 12 issue 3 

Full text available: odtf 435. 97 KB) Additional Information: M\ citation , abstract , reference?; , index tern-is 

Knowledge of the up-to-date physical topology of an IP network is crucial to a number of 
critical network management tasks, including reactive and proactive resource management, 
event correlation, and root-cause analysis. Given the dynamic nature of today's IP 
networks, keeping track of topology information manually is a daunting (if not impossible) 
task. Thus, effective algorithms for automatically discovering physical network topology are 
necessary. Earlier work has typically concentrated on e ... 

Keywords: IP network management, SNMP MIBs, physical network topology, switched 
Ethernet 



'^7 Programming PHP with security in mind 
Nuno Loureiro 

October 2002 Linux Journal, volume 2002 issue 102 

Full text available: i^„htETi!(15,73.KB). Additional Information: M. citation, abstnsct, index tenris 

Can attackers subvert your web application? Not if you develop it with a healthy distrust of 
users. 

^ Jhe. sessJ.on. token.p 
Brian Carrier, Clay Shields 

August 2004 ACM Transactions on Information and System Security (TISSEC), Volume 7 

Issue 3 
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Full text available: " gpdWSSllS KB? Additional Information: full citation , abstrg-ct . referencea . index iems 

In this paper we present the Session Token Protocol (STOP), a new protocol that can assist 
in the forensic analysis of a computer involved in malicious networic activity. It has been 
designed to help automate the process of tracing attaclcers who log on to a series of hosts 
to hide their identity. STOP utilizes the Identification Protocol infrastructure, improving both 
its capabilities and user privacy. On request, the STOP protocol saves user-level and 
application-level data associated with a par ... 

Keywords: Digital forensics, TCP traceback, auditing and intrusion detection, digital 
investigations, privacy 



Multilink PPP 
George E. Conant 
September 1999 Linux Journal 

Full text available: ^ htmlf21.14 KB] Additional information: iuW citation , abstract , tnciex terms 

One Big Virtual WAN Pipe: MLPPP gives network managers the power to deliver WAN 
bandwidth on demand using an array of services 

20 jndustry„track,pape^^^ B 
dMecting„noyeJ„attac^^^ 
Matthew V. Mahoney, Philip K. Chan 

July 2002 Proceedings of the eighth ACM SIGKDD international conference on 

Knowledge discovery and data mining 

„ . ^ -. u. i« . Additional Information: full citation, abstract, reJerences, .citing.s, mdex 

Full text available: "^pdfCI. 12 MBj 

^ ^ Terms 

Traditional intrusion detection systems (IDS) detect attacks by comparing current behavior 
to signatures of known attacks. One main drawback is the inability of detecting new attacks 
which do not have known signatures. In this paper we propose a learning algorithm that 
constructs models of normal behavior from attack-free network traffic. Behavior that 
deviates from the learned normal model signals possible novel attacks. Our IDS is unique in 
two respects. First, it is nonstationary, modeling pr ... 
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1 Agent-based distributed intrusion source identification 

Hongjun Wang; Ruijun Wang; Cuirong Wang; Yuan Gao; 

Computer Networks and Mobile Computing, 2003. ICCNMC 2003. 2003 

International Conference on , 20-23 Oct. 2003 

Pages : 34 1 - 344 

[Abstract! [PDF Full-Text (2337 KB)1 ieee cnf 
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Spoofing a MAC Address to Reconnect to an ISP 

... To Spoof a MAC Address. ... that your ISP's installers used to establish Internet connection 
to the router. ... Then, in step 6, type Use This MAC Address, entering the 

kbserver,netgear.oom/kb_web_nies/n101227.asp - 24k - Cacjtied - S tmiiar pa ges 

[PDF] Spoof Bounce 

File Format PDF/Adobe Acrobat - View as HTML 

... Stopping and detecting spoof bounce attacks ... Another indication that this type of 
attack might be going ... a higher than normal number of connection requests that ... 

vAfWV.giac.org/practical/gsec/Kevin_Dixon_GSEC.pdf •• Sirnnar pa^es 

Here's what you need to run Spoofer: 

... the sequence numbers during the spoof to get ... To run, type: "Spoofer trusted_hostname 
target_host dead_host ... that will not respond to TCP connection setup packets ... 

www iisKukans.edu/'-jketmig/spoof/frames/main. html - 14k - Cached - SimOar pages 

The Whole-Web Spoofing Attack 

... you naturally assume that you should type the name ... victim's browser shows the 
secure-connection icon (usually ... is difficult for the attacker to spoof the entire ... 

bau2.uibk.ac-at/matic/spoofing,htm - 25k - Cached - Sjrnj]aj:.j;^ages 

What is spoof? - A Word Definition From the Webopedia Connputer ■■■ 
... WAN connections incur fees only when they are transmitting data. To reduce this 
problem, routers and other network devices can be programmed to spoof replies ... 

www .webopedia. convTERM/S/spoof .htm! •- 38k Csched - Similar parses 

Free Fake Email, Anonymous Email 

... You can spoof any email address and send it to anyone you like. Sign Up. How to 
Send Fake Mail Using SMTP Servers? ... This type connection is untraceable. ... 

anonmaii.topcitiesxom/sendfakemail.htmi - 20k - Cached - Similar pa^^^ 

: Re: secure replacements for passwords 

... If someone attempts to spoof the connection, they can do ... replacing it to the other 
side of the connection. Hopefully, this type of spoofing can be prevented by ... 

www-mice.cs.uc!,ac-uk/mu!timedia/ rnisc/tcpjp/8702.mm.www/0066.htmi - 7k - Coached - Simijaii^aii^^^ 

Hack In The Box :: View topic - Remotely Connecting to An ip 

... to that port, you should be able to connect to it ... simple UserAgent check), but you 

can easily spoof that info ... There can also be 'deep level' type of protection ... 

https://forum.hackinthebox.org/viewtopic.php?p=50099 - 53k - Cached - Simijar.gages 

War Tools! Scan. Sniff. Spoof and Hijack 2 

„. Scan, Sniff, Spoof and Hijack Note ... on a Unix type computer 

- as ... is going on with each connection. ... 

wvvw,secinlnet/harmless_hacking_book/ War_Toois_8can_Sniff_Spoof_and_Hij - 57k - 

Prelude Hybrid IDS: [3514] (changeset^ - Trac 

... medium; \ assessment. impact.completion=failed; \ assessment.impact.type=recon; \ 
assessment ... PIX-1-106022: Deny protocol connection spoof from source_address to ... 

trac.pre!ude-ids.org/trac.cgi/changeset/3514 - 14k - Cached - Sjo))M^^ 
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